Wrong if conditional check may lead to dereferencing of a NULL pointer in file cipher/md.c on line 1267
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	sacrishi
	Aug 20 2014, 2:28 PM

Description

File : cipher/md.c
Line number in the above file where erroneous code is :1267

Libgcrypt version 1.5.4 code:

if ( !buffer || (nbytes && (*nbytes != sizeof (int))))

    rc = GPG_ERR_INV_ARG;
  else
    {
      algo = *(int*)buffer;

      *nbytes = 0;

-> Here in the above if conditional check if buffer is not NULL and nbytes is
NULL then the code flow goes to else section where nbytes ,though being NULL, is
dereferenced which is an error, so the code should be modified.

I am adding a patch for the bug ->md.patch

Recommended code:

if ( !buffer || !nbytes || (*nbytes != sizeof (int)))

  err = GPG_ERR_INV_ARG;
else
  {

I am attaching a patch for this bug -> md.patch

Details

Version: 1.5.4

Related Objects

Mentioned Here: D212: 461_md.patch

Event Timeline

D212: 461_md.patch

sacrishi added projects: libgcrypt, Bug Report.Aug 20 2014, 2:28 PM

sacrishi set Version to 1.5.4.

sacrishi assigned this task to • werner.Aug 21 2014, 10:37 AM

sacrishi added a subscriber: • werner.

sacrishi added a subscriber: • aheinecke.Aug 21 2014, 10:40 AM

Fixed in master. Will be ported to 1.6.

ported to 1.6.

• werner closed this task as Resolved.Aug 21 2014, 12:53 PM

Wrong if conditional check may lead to dereferencing of a NULL pointer in file cipher/md.c on line 1267Closed, ResolvedPublicActions

Description

Details

Related Objects

Event Timeline

Wrong if conditional check may lead to dereferencing of a NULL pointer in file cipher/md.c on line 1267
Closed, ResolvedPublic
Actions